namespace TestLink2Net.Security
{
    using System;
    using System.Web.Security;
    using System.Web;
    using System.Web.Configuration;
    using System.Security.Principal;
    using System.Security.Permissions;
    using System.Globalization;
    using System.Runtime.Serialization;
    using System.Collections;
    using System.Collections.Specialized;
    using System.Data;
    using System.Data.SqlClient;
    using System.Data.SqlTypes;
    using System.Security.Cryptography;
    using System.Text;
    using System.Text.RegularExpressions;
    using System.Configuration.Provider;
    using System.Configuration;
    using System.Web.DataAccess;
    using System.Web.Management;
    using System.Web.Util;
    using TestLink2Net.Bal;
    using TestLink2Net.Entities;
    using TestLink2Net.CustomExceptions;

    /// <devdoc>
    ///    <para>[To be supplied.]</para>
    /// </devdoc>
    // Remove CAS from sample: [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
    // Remove CAS from sample: [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal)]
    public class SqlMembershipProvider : MembershipProvider
    {
        ////////////////////////////////////////////////////////////
        // Public properties

        public override bool EnablePasswordRetrieval { get { return _EnablePasswordRetrieval; } }

        public override bool EnablePasswordReset { get { return _EnablePasswordReset; } }

        public override bool RequiresQuestionAndAnswer { get { return _RequiresQuestionAndAnswer; } }

        public override bool RequiresUniqueEmail { get { return _RequiresUniqueEmail; } }

        public override MembershipPasswordFormat PasswordFormat { get { return _PasswordFormat; } }
        public override int MaxInvalidPasswordAttempts { get { return _MaxInvalidPasswordAttempts; } }

        public override int PasswordAttemptWindow { get { return _PasswordAttemptWindow; } }

        public override int MinRequiredPasswordLength
        {
            get { return _MinRequiredPasswordLength; }
        }

        public override int MinRequiredNonAlphanumericCharacters
        {
            get { return _MinRequiredNonalphanumericCharacters; }
        }

        public override string PasswordStrengthRegularExpression
        {
            get { return _PasswordStrengthRegularExpression; }
        }

        public override string ApplicationName
        {
            get { return _AppName; }
            set
            {
                if (String.IsNullOrEmpty(value))
                    throw new ArgumentNullException("value");

                if (value.Length > 256)
                    throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
                _AppName = value;
            }
        }

        private string _sqlConnectionString;
        private bool _EnablePasswordRetrieval;
        private bool _EnablePasswordReset;
        private bool _RequiresQuestionAndAnswer;
        private string _AppName;
        private bool _RequiresUniqueEmail;
        private int _MaxInvalidPasswordAttempts;
        private int _CommandTimeout;
        private int _PasswordAttemptWindow;
        private int _MinRequiredPasswordLength;
        private int _MinRequiredNonalphanumericCharacters;
        private string _PasswordStrengthRegularExpression;
        private int _SchemaVersionCheck;
        private MembershipPasswordFormat _PasswordFormat;

        private const int PASSWORD_SIZE = 14;

        public override void Initialize(string name, NameValueCollection config)
        {
            // Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
            if (config == null)
                throw new ArgumentNullException("config");
            if (String.IsNullOrEmpty(name))
                name = "SqlMembershipProvider";
            if (string.IsNullOrEmpty(config["description"]))
            {
                config.Remove("description");
                config.Add("description", SR.GetString(SR.MembershipSqlProvider_description));
            }
            base.Initialize(name, config);

            _SchemaVersionCheck = 0;

            _EnablePasswordRetrieval = Util.GetBooleanValue(config, "enablePasswordRetrieval", false);
            _EnablePasswordReset = Util.GetBooleanValue(config, "enablePasswordReset", true);
            _RequiresQuestionAndAnswer = Util.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
            _RequiresUniqueEmail = Util.GetBooleanValue(config, "requiresUniqueEmail", true);
            _MaxInvalidPasswordAttempts = Util.GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
            _PasswordAttemptWindow = Util.GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
            _MinRequiredPasswordLength = Util.GetIntValue(config, "minRequiredPasswordLength", 7, false, 128);
            _MinRequiredNonalphanumericCharacters = Util.GetIntValue(config, "minRequiredNonalphanumericCharacters", 1, true, 128);

            _PasswordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
            if (_PasswordStrengthRegularExpression != null)
            {
                _PasswordStrengthRegularExpression = _PasswordStrengthRegularExpression.Trim();
                if (_PasswordStrengthRegularExpression.Length != 0)
                {
                    try
                    {
                        Regex regex = new Regex(_PasswordStrengthRegularExpression);
                    }
                    catch (ArgumentException e)
                    {
                        throw new ProviderException(e.Message, e);
                    }
                }
            }
            else
            {
                _PasswordStrengthRegularExpression = string.Empty;
            }
            if (_MinRequiredNonalphanumericCharacters > _MinRequiredPasswordLength)
                throw new HttpException(SR.GetString(SR.MinRequiredNonalphanumericCharacters_can_not_be_more_than_MinRequiredPasswordLength));

            _CommandTimeout = Util.GetIntValue(config, "commandTimeout", 30, true, 0);
            _AppName = config["applicationName"];
            if (string.IsNullOrEmpty(_AppName))
                _AppName = Util.GetDefaultAppName();

            if (_AppName.Length > 256)
            {
                throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
            }

            string strTemp = config["passwordFormat"];
            if (strTemp == null)
                strTemp = "Hashed";

            switch (strTemp)
            {
                case "Clear":
                    _PasswordFormat = MembershipPasswordFormat.Clear;
                    break;
                case "Encrypted":
                    _PasswordFormat = MembershipPasswordFormat.Encrypted;
                    break;
                case "Hashed":
                    _PasswordFormat = MembershipPasswordFormat.Hashed;
                    break;
                default:
                    throw new ProviderException(SR.GetString(SR.Provider_bad_password_format));
            }

            if (PasswordFormat == MembershipPasswordFormat.Hashed && EnablePasswordRetrieval)
                throw new ProviderException(SR.GetString(SR.Provider_can_not_retrieve_hashed_password));
            //if (_PasswordFormat == MembershipPasswordFormat.Encrypted && MachineKeySection.IsDecryptionKeyAutogenerated)
            //    throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys));

            string temp = config["connectionStringName"];
            if (temp == null || temp.Length < 1)
                throw new ProviderException(SR.GetString(SR.Connection_name_not_specified));
            _sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true);
            if (_sqlConnectionString == null || _sqlConnectionString.Length < 1)
            {
                throw new ProviderException(SR.GetString(SR.Connection_string_not_found, temp));
            }

            config.Remove("connectionStringName");
            config.Remove("enablePasswordRetrieval");
            config.Remove("enablePasswordReset");
            config.Remove("requiresQuestionAndAnswer");
            config.Remove("applicationName");
            config.Remove("requiresUniqueEmail");
            config.Remove("maxInvalidPasswordAttempts");
            config.Remove("passwordAttemptWindow");
            config.Remove("commandTimeout");
            config.Remove("passwordFormat");
            config.Remove("name");
            config.Remove("minRequiredPasswordLength");
            config.Remove("minRequiredNonalphanumericCharacters");
            config.Remove("passwordStrengthRegularExpression");
            if (config.Count > 0)
            {
                string attribUnrecognized = config.GetKey(0);
                if (!String.IsNullOrEmpty(attribUnrecognized))
                    throw new ProviderException(SR.GetString(SR.Provider_unrecognized_attribute, attribUnrecognized));
            }
        }

        private void CheckSchemaVersion(SqlConnection connection)
        {
            string[] features = { "Common", "Membership" };
            string version = "1";

            Util.CheckSchemaVersion(this,
                                           connection,
                                           features,
                                           version,
                                           ref _SchemaVersionCheck);
        }

        private int CommandTimeout
        {
            get { return _CommandTimeout; }
        }













        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            Util.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch");

            if (pageIndex < 0)
                throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
            if (pageSize < 1)
                throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");

            long upperBound = (long)pageIndex * pageSize + pageSize - 1;
            if (upperBound > Int32.MaxValue)
                throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");


            MembershipUserCollection users = new MembershipUserCollection();
            try
            {
                UserList list = SecurityMster.Instance.FindUsersByName(ApplicationName, usernameToMatch, pageIndex, pageSize);
                list.ForEach(f =>
                {
                    users.Add(new MembershipUser(
                        this.Name,
                                           f.UserName,
                                           f.ProviderUserKey,
                                           f.Email,
                                           f.PasswordQuestion,
                                           f.Comment,
                                           f.IsApproved,
                                           f.IsLockedOut,
                                           f.CreateDate,
                                           f.LastLogInDate,
                                           f.LastActivityDate,
                                           f.LastPasswordChangedDate,
                                           f.LastLockOutDate
                    ));
                });
                /*
                SqlConnectionHolder holder = null;
                totalRecords = 0;
                SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                p.Direction = ParameterDirection.ReturnValue;
                try {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand cmd = new SqlCommand("dbo.aspnet_Membership_FindUsersByName", holder.Connection);
                    MembershipUserCollection users = new MembershipUserCollection();
                    SqlDataReader reader = null;

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                    cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch));
                    cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
                    cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
                    cmd.Parameters.Add(p);
                    try
                    {
                        reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
                        while (reader.Read())
                        {
                            string username, email, passwordQuestion, comment;
                            bool isApproved;
                            DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
                            Guid userId;
                            bool isLockedOut;
                            DateTime dtLastLockoutDate;

                            username = GetNullableString( reader, 0 );
                            email = GetNullableString(reader, 1);
                            passwordQuestion = GetNullableString( reader, 2 );
                            comment = GetNullableString(reader, 3);
                            isApproved = reader.GetBoolean(4);
                            dtCreate = reader.GetDateTime(5).ToLocalTime();
                            dtLastLogin = reader.GetDateTime(6).ToLocalTime();
                            dtLastActivity = reader.GetDateTime(7).ToLocalTime();
                            dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
                            userId = reader.GetGuid( 9 );
                            isLockedOut = reader.GetBoolean( 10 );
                            dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();

                            users.Add( new MembershipUser( this.Name,
                                                           username,
                                                           userId,
                                                           email,
                                                           passwordQuestion,
                                                           comment,
                                                           isApproved,
                                                           isLockedOut,
                                                           dtCreate,
                                                           dtLastLogin,
                                                           dtLastActivity,
                                                           dtLastPassChange,
                                                           dtLastLockoutDate ) );
                        }

                        return users;
                    }
                    finally
                    {
                        if (reader != null)
                            reader.Close();
                        if (p.Value != null && p.Value is int)
                            totalRecords = (int) p.Value;
                    }
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
                 * */
            }
            catch
            {
                throw;
            }
            totalRecords = 0;
            return users;
        }
        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            Util.CheckParameter(ref emailToMatch, false, false, false, 256, "emailToMatch");

            if (pageIndex < 0)
                throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
            if (pageSize < 1)
                throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");

            long upperBound = (long)pageIndex * pageSize + pageSize - 1;
            if (upperBound > Int32.MaxValue)
                throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");
            MembershipUserCollection users = new MembershipUserCollection();

            try
            {
                UserList list = SecurityMster.Instance.FindUsersByEmail(ApplicationName, emailToMatch, pageIndex, pageSize);

                list.ForEach(f =>
                {
                    users.Add(new MembershipUser(
                        this.Name,
                                           f.UserName,
                                           f.ProviderUserKey,
                                           f.Email,
                                           f.PasswordQuestion,
                                           f.Comment,
                                           f.IsApproved,
                                           f.IsLockedOut,
                                           f.CreateDate,
                                           f.LastLogInDate,
                                           f.LastActivityDate,
                                           f.LastPasswordChangedDate,
                                           f.LastLockOutDate
                    ));
                });
                /*           SqlConnectionHolder holder = null;
                totalRecords = 0;
                SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                p.Direction = ParameterDirection.ReturnValue;
                try {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand cmd = new SqlCommand("dbo.aspnet_Membership_FindUsersByEmail", holder.Connection);
                    MembershipUserCollection users = new MembershipUserCollection();
                    SqlDataReader reader = null;

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                    cmd.Parameters.Add(CreateInputParam("@EmailToMatch", SqlDbType.NVarChar, emailToMatch));
                    cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
                    cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
                    cmd.Parameters.Add(p);
                    try {
                        reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
                        while (reader.Read()) {
                            string username, email, passwordQuestion, comment;
                            bool isApproved;
                            DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
                            Guid userId;
                            bool isLockedOut;
                            DateTime dtLastLockoutDate;

                            username = GetNullableString( reader, 0 );
                            email = GetNullableString(reader, 1);
                            passwordQuestion = GetNullableString( reader, 2 );
                            comment = GetNullableString(reader, 3);
                            isApproved = reader.GetBoolean(4);
                            dtCreate = reader.GetDateTime(5).ToLocalTime();
                            dtLastLogin = reader.GetDateTime(6).ToLocalTime();
                            dtLastActivity = reader.GetDateTime(7).ToLocalTime();
                            dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
                            userId = reader.GetGuid( 9 );
                            isLockedOut = reader.GetBoolean( 10 );
                            dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();

                            users.Add( new MembershipUser( this.Name,
                                                           username,
                                                           userId,
                                                           email,
                                                           passwordQuestion,
                                                           comment,
                                                           isApproved,
                                                           isLockedOut,
                                                           dtCreate,
                                                           dtLastLogin,
                                                           dtLastActivity,
                                                           dtLastPassChange,
                                                           dtLastLockoutDate ) );
                        }

                        return users;
                    }
                    finally
                    {
                        if (reader != null)
                            reader.Close();
                        if (p.Value != null && p.Value is int)
                            totalRecords = (int)p.Value;
                    }
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
 * */
            }
            catch
            {
                throw;
            }
            totalRecords = 0;
            return users;
        }


        public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
        {
            if (pageIndex < 0)
                throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
            if (pageSize < 1)
                throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");

            long upperBound = (long)pageIndex * pageSize + pageSize - 1;
            if (upperBound > Int32.MaxValue)
                throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");

            MembershipUserCollection users = new MembershipUserCollection();
            totalRecords = 0;
            try
            {
                UserList list = SecurityMster.Instance.GetAllUsers(ApplicationName, pageIndex, pageSize);

                list.ForEach(f =>
                {
                    users.Add(new MembershipUser(
                        this.Name,
                                           f.UserName,
                                           f.ProviderUserKey,
                                           f.Email,
                                           f.PasswordQuestion,
                                           f.Comment,
                                           f.IsApproved,
                                           f.IsLockedOut,
                                           f.CreateDate,
                                           f.LastLogInDate,
                                           f.LastActivityDate,
                                           f.LastPasswordChangedDate,
                                           f.LastLockOutDate
                    ));
                });
                /*
                    SqlConnectionHolder holder = null;
                    try {
                        holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                        CheckSchemaVersion( holder.Connection );

                        SqlCommand               cmd     = new SqlCommand("dbo.aspnet_Membership_GetAllUsers", holder.Connection);
                        SqlDataReader            reader  = null;
                        SqlParameter             p       = new SqlParameter("@ReturnValue", SqlDbType.Int);

                        cmd.CommandTimeout = CommandTimeout;
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                        cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
                        cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
                        p.Direction = ParameterDirection.ReturnValue;
                        cmd.Parameters.Add(p);
                        try {
                            reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
                            while (reader.Read()) {
                                string username, email, passwordQuestion, comment;
                                bool isApproved;
                                DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
                                Guid userId;
                                bool isLockedOut;
                                DateTime dtLastLockoutDate;

                                username = GetNullableString( reader, 0 );
                                email = GetNullableString(reader, 1);
                                passwordQuestion = GetNullableString( reader, 2 );
                                comment = GetNullableString(reader, 3);
                                isApproved = reader.GetBoolean(4);
                                dtCreate = reader.GetDateTime(5).ToLocalTime();
                                dtLastLogin = reader.GetDateTime(6).ToLocalTime();
                                dtLastActivity = reader.GetDateTime(7).ToLocalTime();
                                dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
                                userId = reader.GetGuid( 9 );
                                isLockedOut = reader.GetBoolean( 10 );
                                dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();

                                users.Add( new MembershipUser( this.Name,
                                                               username,
                                                               userId,
                                                               email,
                                                               passwordQuestion,
                                                               comment,
                                                               isApproved,
                                                               isLockedOut,
                                                               dtCreate,
                                                               dtLastLogin,
                                                               dtLastActivity,
                                                               dtLastPassChange,
                                                               dtLastLockoutDate ) );
                            }
                        }
                        finally
                        {
                            if (reader != null)
                                reader.Close();
                            if (p.Value != null && p.Value is int)
                                totalRecords = (int)p.Value;
                        }
                    }
                    finally
                    {
                        if( holder != null )
                        {
                            holder.Close();
                            holder = null;
                        }
                    }
                 * */
            }
            catch
            {
                throw;
            }
            return users;
        }

        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            Util.CheckParameter(
                            ref username,
                            true,
                            false,
                            true,
                            256,
                            "username");

            SqlDataReader reader = null;
            try
            {
                User user = SecurityMster.Instance.GetUser(username, ApplicationName, userIsOnline);

                return new MembershipUser(this.Name,
                                           user.UserName,
                                           user.ProviderUserKey,
                                           user.Email,
                                           user.PasswordQuestion,
                                           user.Comment,
                                           user.IsApproved,
                                           user.IsLockedOut,
                                           user.CreateDate,
                                           user.LastLogInDate,
                                           user.LastActivityDate,
                                           user.LastPasswordChangedDate,
                                           user.LastLockOutDate);

                /*
                    SqlConnectionHolder holder = null;
                    try {
                        holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                        CheckSchemaVersion( holder.Connection );

                        SqlCommand    cmd     = new SqlCommand("dbo.aspnet_Membership_GetUserByName", holder.Connection);

                        cmd.CommandTimeout = CommandTimeout;
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                        cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
                        cmd.Parameters.Add(CreateInputParam("@UpdateLastActivity", SqlDbType.Bit, userIsOnline));
                        cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                        SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                        p.Direction = ParameterDirection.ReturnValue;
                        cmd.Parameters.Add(p);

                        reader = cmd.ExecuteReader();
                        if ( reader.Read() )
                        {
                            string email = GetNullableString(reader, 0);
                            string passwordQuestion = GetNullableString( reader, 1 );
                            string comment = GetNullableString(reader, 2);
                            bool isApproved = reader.GetBoolean(3);
                            DateTime dtCreate = reader.GetDateTime(4).ToLocalTime();
                            DateTime dtLastLogin = reader.GetDateTime(5).ToLocalTime();
                            DateTime dtLastActivity = reader.GetDateTime(6).ToLocalTime();
                            DateTime dtLastPassChange = reader.GetDateTime(7).ToLocalTime();
                            Guid userId = reader.GetGuid( 8 );
                            bool isLockedOut = reader.GetBoolean( 9 );
                            DateTime dtLastLockoutDate = reader.GetDateTime(10).ToLocalTime();

                            ////////////////////////////////////////////////////////////
                            // Step 4 : Return the result
                            return new MembershipUser( this.Name,
                                                       username,
                                                       userId,
                                                       email,
                                                       passwordQuestion,
                                                       comment,
                                                       isApproved,
                                                       isLockedOut,
                                                       dtCreate,
                                                       dtLastLogin,
                                                       dtLastActivity,
                                                       dtLastPassChange,
                                                       dtLastLockoutDate );
                        }

                        return null;

                    }
                    finally
                    {
                        if ( reader != null )
                        {
                            reader.Close();
                            reader = null;
                        }

                        if( holder != null )
                        {
                            holder.Close();
                            holder = null;
                        }
                    }
                 * */
            }
            catch
            {
                throw;
            }
            return null;
        }

        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {

            if (providerUserKey == null)
            {
                throw new ArgumentNullException("providerUserKey");
            }

            if (!(providerUserKey is Guid))
            {
                throw new ArgumentException(SR.GetString(SR.Membership_InvalidProviderUserKey), "providerUserKey");
            }

            SqlDataReader reader = null;
            try
            {
                User user = SecurityMster.Instance.GetUser((Guid)providerUserKey, ApplicationName, userIsOnline);

                return new MembershipUser(this.Name,
                                           user.UserName,
                                           providerUserKey,
                                           user.Email,
                                           user.PasswordQuestion,
                                           user.Comment,
                                           user.IsApproved,
                                           user.IsLockedOut,
                                           user.CreateDate,
                                           user.LastLogInDate,
                                           user.LastActivityDate,
                                           user.LastPasswordChangedDate,
                                           user.LastLockOutDate);
                /*
                    SqlConnectionHolder holder = null;
                    try {
                        holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                        CheckSchemaVersion( holder.Connection );

                        SqlCommand    cmd     = new SqlCommand( "dbo.aspnet_Membership_GetUserByUserId", holder.Connection );

                        cmd.CommandTimeout = CommandTimeout;
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.Add(CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey ) );
                        cmd.Parameters.Add(CreateInputParam("@UpdateLastActivity", SqlDbType.Bit, userIsOnline));
                        cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                        SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                        p.Direction = ParameterDirection.ReturnValue;
                        cmd.Parameters.Add(p);

                        reader = cmd.ExecuteReader();
                        if ( reader.Read() )
                        {
                            string email = GetNullableString(reader, 0);
                            string passwordQuestion = GetNullableString( reader, 1 );
                            string comment = GetNullableString(reader, 2);
                            bool isApproved = reader.GetBoolean(3);
                            DateTime dtCreate = reader.GetDateTime(4).ToLocalTime();
                            DateTime dtLastLogin = reader.GetDateTime(5).ToLocalTime();
                            DateTime dtLastActivity = reader.GetDateTime(6).ToLocalTime();
                            DateTime dtLastPassChange = reader.GetDateTime(7).ToLocalTime();
                            string userName = GetNullableString(reader, 8);
                            bool isLockedOut = reader.GetBoolean(9);
                            DateTime dtLastLockoutDate = reader.GetDateTime(10).ToLocalTime();

                            ////////////////////////////////////////////////////////////
                            // Step 4 : Return the result
                            return new MembershipUser( this.Name,
                                                       userName,
                                                       providerUserKey,
                                                       email,
                                                       passwordQuestion,
                                                       comment,
                                                       isApproved,
                                                       isLockedOut,
                                                       dtCreate,
                                                       dtLastLogin,
                                                       dtLastActivity,
                                                       dtLastPassChange,
                                                       dtLastLockoutDate );
                        }

                        return null;
                    }
                    finally
                    {
                        if ( reader != null )
                        {
                            reader.Close();
                            reader = null;
                        }

                        if( holder != null )
                        {
                            holder.Close();
                            holder = null;
                        }
                    }
                 * */
            }
            catch
            {
                throw;
            }
            return null;
        }
        public override int GetNumberOfUsersOnline()
        {

            try
            {
                return SecurityMster.Instance.GetNumberOfUsersOnline(ApplicationName, Membership.UserIsOnlineTimeWindow);
                /*
                SqlConnectionHolder holder = null;
                try {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand    cmd     = new SqlCommand("dbo.aspnet_Membership_GetNumberOfUsersOnline", holder.Connection);
                    SqlParameter  p       = new SqlParameter("@ReturnValue", SqlDbType.Int);

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                    cmd.Parameters.Add(CreateInputParam("@MinutesSinceLastInActive", SqlDbType.Int, Membership.UserIsOnlineTimeWindow));
                    cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                    p.Direction = ParameterDirection.ReturnValue;
                    cmd.Parameters.Add(p);
                    cmd.ExecuteNonQuery();
                    int num = ((p.Value!=null) ? ((int) p.Value) : -1);
                    return num;
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
                 * */
            }
            catch
            {
                throw;
            }
            return 0;
        }
        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            Util.CheckParameter(ref username, true, true, true, 256, "username");

            try
            {
                return SecurityMster.Instance.DeleteUser(username, ApplicationName, deleteAllRelatedData);
                /*
                SqlConnectionHolder holder = null;
                try {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    CheckSchemaVersion( holder.Connection );
                    SqlCommand cmd = new SqlCommand("dbo.aspnet_Users_DeleteUser", holder.Connection);

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                    cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));

                    if( deleteAllRelatedData )
                    {
                        cmd.Parameters.Add(CreateInputParam("@TablesToDeleteFrom", SqlDbType.Int, 0xF));
                    }
                    else
                    {
                        cmd.Parameters.Add(CreateInputParam("@TablesToDeleteFrom", SqlDbType.Int, 1));
                    }

                    SqlParameter p = new SqlParameter("@NumTablesDeletedFrom", SqlDbType.Int);
                    p.Direction = ParameterDirection.Output;
                    cmd.Parameters.Add(p);
                    cmd.ExecuteNonQuery();

                    int status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );

                    return ( status > 0 );
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
                 * */
            }
            catch
            {
                throw;
            }
            return true;
        }
        public virtual string GeneratePassword()
        {
            return Membership.GeneratePassword(
                      MinRequiredPasswordLength < PASSWORD_SIZE ? PASSWORD_SIZE : MinRequiredPasswordLength,
                      MinRequiredNonAlphanumericCharacters);
        }
        public override string GetUserNameByEmail(string email)
        {
            Util.CheckParameter(
                            ref email,
                            false,
                            false,
                            false,
                            256,
                            "email");
            try
            {
                return SecurityMster.Instance.GetUserNameByEmail(email, ApplicationName);
                /*
    
                                SqlConnectionHolder holder = null;
                                try {
                                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                                    CheckSchemaVersion( holder.Connection );

                                    SqlCommand    cmd         = new SqlCommand("dbo.aspnet_Membership_GetUserByEmail", holder.Connection);
                                    string        username    = null;
                                    SqlDataReader reader      = null;

                                    cmd.CommandTimeout = CommandTimeout;
                                    cmd.CommandType = CommandType.StoredProcedure;
                                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                                    cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));

                                    SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                                    p.Direction = ParameterDirection.ReturnValue;
                                    cmd.Parameters.Add(p);
                                    try {
                                        reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
                                        if (reader.Read())
                                        {
                                            username = GetNullableString( reader, 0 );
                                            if ( RequiresUniqueEmail && reader.Read() )
                                            {
                                                throw new ProviderException(SR.GetString(SR.Membership_more_than_one_user_with_email));
                                            }
                                        }
                                    }
                                    finally
                                    {
                                        if (reader != null)
                                            reader.Close();
                                    }
                                    return username;
                                }
                                finally
                                {
                                    if( holder != null )
                                    {
                                        holder.Close();
                                        holder = null;
                                    }
                                }
                 * */
            }
            catch
            {
                throw;
            }
            return "";
        }
        public override bool UnlockUser(string username)
        {
            Util.CheckParameter(ref username, true, true, true, 256, "username");


            try
            {
                return SecurityMster.Instance.UnlockUser(username, ApplicationName);

                /*
                    SqlConnectionHolder holder = null;
                    try {
                        holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                        CheckSchemaVersion(holder.Connection);

                        SqlCommand cmd = new SqlCommand("dbo.aspnet_Membership_UnlockUser", holder.Connection);

                        cmd.CommandTimeout = CommandTimeout;
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                        cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));

                        SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                        p.Direction = ParameterDirection.ReturnValue;
                        cmd.Parameters.Add(p);

                        cmd.ExecuteNonQuery();

                        int status = ((p.Value != null) ? ((int)p.Value) : -1);
                        if (status == 0) {
                            return true;
                        }

                        return false;
                    }
                    finally {
                        if( holder != null )
                        {
                            holder.Close();
                            holder = null;
                        }
                    }
                 * */
            }
            catch
            {
                throw;
            }
        }
        public override void UpdateUser(MembershipUser user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            string temp = user.UserName;
            Util.CheckParameter(ref temp, true, true, true, 256, "UserName");
            temp = user.Email;
            Util.CheckParameter(ref temp,
                                       RequiresUniqueEmail,
                                       RequiresUniqueEmail,
                                       false,
                                       256,
                                       "Email");
            user.Email = temp;
            try
            {
                /*
                SqlConnectionHolder holder = null;
                try {
                    holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand    cmd     = new SqlCommand("dbo.aspnet_Membership_UpdateUser", holder.Connection);

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                    cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, user.UserName));
                    cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, user.Email));
                    cmd.Parameters.Add(CreateInputParam("@Comment", SqlDbType.NText, user.Comment));
                    cmd.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, user.IsApproved ? 1 : 0));
                    cmd.Parameters.Add(CreateInputParam("@LastLoginDate", SqlDbType.DateTime, user.LastLoginDate.ToUniversalTime()));
                    cmd.Parameters.Add(CreateInputParam("@LastActivityDate", SqlDbType.DateTime, user.LastActivityDate.ToUniversalTime()));
                    cmd.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
                    cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

                    SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                    p.Direction = ParameterDirection.ReturnValue;
                    cmd.Parameters.Add(p);
                    cmd.ExecuteNonQuery();
                    int status = ((p.Value!=null) ? ((int) p.Value) : -1);
                    if (status != 0)
                        throw new ProviderException(GetExceptionText(status));
                    return;
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
                 * */

                User modifieduser = new User()
                {
                    ApplicationName = this.ApplicationName,
                    Comment = user.Comment,
                    Email = user.Email,
                    IsApproved = user.IsApproved,
                    UserName = user.UserName,
                    LastLogInDate = user.LastLoginDate,
                    LastActivityDate = user.LastActivityDate

                };

                SecurityMster.Instance.UpdateUser(modifieduser);
            }
            catch
            {
                throw;
            }
        }
        public override string ResetPassword(string username, string passwordAnswer)
        {
            if (!EnablePasswordReset)
            {
                throw new NotSupportedException(SR.GetString(SR.Not_configured_to_support_password_resets));
            }

            Util.CheckParameter(ref username, true, true, true, 256, "username");

            //string salt;
            //int passwordFormat;
            //string passwdFromDB;
            //int status;
            //int failedPasswordAttemptCount;
            //int failedPasswordAnswerAttemptCount;
            //bool isApproved;
            //DateTime lastLoginDate, lastActivityDate;

            //GetPasswordWithFormat(username, false, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
            //out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
            //if (status != 0)
            //{
            //    if (IsStatusDueToBadPassword(status))
            //    {
            //        throw new MembershipPasswordException(GetExceptionText(status));
            //    }
            //    else
            //    {
            //        throw new ProviderException(GetExceptionText(status));
            //    }
            //}

            string encodedPasswordAnswer;
            if (passwordAnswer != null)
            {
                passwordAnswer = passwordAnswer.Trim();
            }
            //if (!string.IsNullOrEmpty(passwordAnswer))
            //encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, salt);
            //else
            encodedPasswordAnswer = passwordAnswer;
            Util.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");
            string newPassword = GeneratePassword();

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
            OnValidatingPassword(e);

            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                else
                {
                    throw new ProviderException(SR.GetString(SR.Membership_Custom_Password_Validation_Failure));
                }
            }


            try
            {
                /*
            SqlConnectionHolder holder = null;
            try {
                holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                CheckSchemaVersion( holder.Connection );

                SqlCommand    cmd     = new SqlCommand("dbo.aspnet_Membership_ResetPassword", holder.Connection);
                string        errText;

                cmd.CommandTimeout = CommandTimeout;
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
                cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
                cmd.Parameters.Add(CreateInputParam("@NewPassword", SqlDbType.NVarChar, EncodePassword(newPassword, (int) passwordFormat, salt)));
                cmd.Parameters.Add(CreateInputParam("@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
                cmd.Parameters.Add(CreateInputParam("@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
                cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
                cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)passwordFormat));
                cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                if (RequiresQuestionAndAnswer) {
                    cmd.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
                }

                SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                p.Direction = ParameterDirection.ReturnValue;
                cmd.Parameters.Add(p);

                cmd.ExecuteNonQuery();

                status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );

                if ( status != 0 )
                {
                    errText = GetExceptionText( status );

                    if ( IsStatusDueToBadPassword( status ) )
                    {
                        throw new MembershipPasswordException( errText );
                    }
                    else
                    {
                        throw new ProviderException( errText );
                    }
                }
            }
            finally
            {
                if( holder != null )
                {
                    holder.Close();
                    holder = null;
                }
            }
                */

                if (RequiresQuestionAndAnswer)
                {
                    if (SecurityMster.Instance.ResetPassword(username, newPassword, encodedPasswordAnswer))
                    {
                        return newPassword;
                    }
                }
                else
                {
                    if (SecurityMster.Instance.ResetPassword(username, newPassword))
                    {
                        return newPassword;
                    }
                }

                throw new ProviderException();

            }
            catch
            {
                throw;
            }
        }
        public override bool ValidateUser(string username, string password)
        {
            if (Util.ValidateParameter(ref username, true, true, true, 256) &&
                    Util.ValidateParameter(ref password, true, true, false, 128) &&
                    SecurityMster.Instance.ValidateUser(username, Util.GetHash(password)))
            {
                return true;
            }
            return false;
        }
        public override MembershipUser CreateUser(string username,
                                                   string password,
                                                   string email,
                                                   string passwordQuestion,
                                                   string passwordAnswer,
                                                   bool isApproved,
                                                   object providerUserKey,
                                                   out    MembershipCreateStatus status)
        {
            if (!Util.ValidateParameter(ref password, true, true, false, 128))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            //string salt = GenerateSalt();
            //string pass = EncodePassword(password, (int)_PasswordFormat, salt);
            string pass = password;
            if (pass.Length > 128)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            string encodedPasswordAnswer;
            if (passwordAnswer != null)
            {
                passwordAnswer = passwordAnswer.Trim();
            }

            if (!string.IsNullOrEmpty(passwordAnswer))
            {
                if (passwordAnswer.Length > 128)
                {
                    status = MembershipCreateStatus.InvalidAnswer;
                    return null;
                }
                //encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), (int)_PasswordFormat, salt);
                encodedPasswordAnswer = passwordAnswer;
            }
            else
                encodedPasswordAnswer = passwordAnswer;
            if (!Util.ValidateParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, true, false, 128))
            {
                status = MembershipCreateStatus.InvalidAnswer;
                return null;
            }

            if (!Util.ValidateParameter(ref username, true, true, true, 256))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return null;
            }

            if (!Util.ValidateParameter(ref email,
                                               RequiresUniqueEmail,
                                               RequiresUniqueEmail,
                                               false,
                                               256))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return null;
            }

            if (!Util.ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
            {
                status = MembershipCreateStatus.InvalidQuestion;
                return null;
            }

            if (providerUserKey != null)
            {
                if (!(providerUserKey is Guid))
                {
                    status = MembershipCreateStatus.InvalidProviderUserKey;
                    return null;
                }
            }

            if (password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            int count = 0;

            for (int i = 0; i < password.Length; i++)
            {
                if (!char.IsLetterOrDigit(password, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(password, PasswordStrengthRegularExpression))
                {
                    status = MembershipCreateStatus.InvalidPassword;
                    return null;
                }
            }

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);
            OnValidatingPassword(e);

            if (e.Cancel)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return null;
            }

            MembershipUser user = null;
            try
            {
                User newuser = new User()
                {
                    ApplicationName = ApplicationName,
                    UserName = username,
                    Password = Util.GetHash(pass),
                    Email = email,
                    PasswordQuestion = passwordQuestion,
                    PasswordAnswer = Util.GetHash(encodedPasswordAnswer),
                    IsApproved = isApproved,
                    ProviderUserKey = ((Guid)providerUserKey).ToString()

                };

                status = MembershipCreateStatus.Success;
                SecurityMster.Instance.CreateUser(ref newuser);
                user = new MembershipUser(
                    this.Name,
                    newuser.FirstName + " " + newuser.LastName,
                    newuser.ProviderUserKey,
                    newuser.Email,
                    newuser.PasswordQuestion,
                    newuser.Comment,
                    newuser.IsApproved,
                    newuser.IsLockedOut,
                    newuser.CreateDate,
                    newuser.LastLogInDate,
                    newuser.LastActivityDate,
                    newuser.LastPasswordChangedDate,
                    newuser.LastLockOutDate);
            }
            catch (CreateUserException createUserException)
            {
                if (createUserException.Status < 0 || createUserException.Status > (int)MembershipCreateStatus.ProviderError)
                    createUserException.Status = (int)MembershipCreateStatus.ProviderError;
                status = (MembershipCreateStatus)createUserException.Status;
                if (createUserException.Status != 0) // !success
                    user = null;
            }
            catch
            {
                throw;
            }
            return user;
        }
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            Util.CheckParameter(ref username, true, true, true, 256, "username");
            Util.CheckParameter(ref password, true, true, false, 128, "password");

            //string salt;
            //int passwordFormat;
            //if (!CheckPassword(username, password, false, false, out salt, out passwordFormat))
            //    return false;

            Util.CheckParameter(ref newPasswordQuestion, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 256, "newPasswordQuestion");
            string encodedPasswordAnswer;
            if (newPasswordAnswer != null)
            {
                newPasswordAnswer = newPasswordAnswer.Trim();
            }

            Util.CheckParameter(ref newPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");
            if (!string.IsNullOrEmpty(newPasswordAnswer))
            {
                //encodedPasswordAnswer = EncodePassword(newPasswordAnswer.ToLower(CultureInfo.InvariantCulture), (int)passwordFormat, salt);
                encodedPasswordAnswer = newPasswordAnswer;
            }
            else
                encodedPasswordAnswer = newPasswordAnswer;
            Util.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");

            try
            {
                return SecurityMster.Instance.ChangePasswordQuestionAndAnswer(ApplicationName, username, Util.GetHash(password), newPasswordQuestion, Util.GetHash(newPasswordAnswer));
            }
            catch
            {
                throw;
            }
        }


        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            Util.CheckParameter(ref username, true, true, true, 256, "username");
            Util.CheckParameter(ref oldPassword, true, true, false, 128, "oldPassword");
            Util.CheckParameter(ref newPassword, true, true, false, 128, "newPassword");

            //string salt = null;
            //int passwordFormat;
            int status;

            //if (!CheckPassword( username, oldPassword, false, false, out salt, out passwordFormat))
            //{
            //   return false;
            // }

            if (newPassword.Length < MinRequiredPasswordLength)
            {
                throw new ArgumentException(SR.GetString(
                              SR.Password_too_short,
                              "newPassword",
                              MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture)));
            }

            int count = 0;

            for (int i = 0; i < newPassword.Length; i++)
            {
                if (!char.IsLetterOrDigit(newPassword, i))
                {
                    count++;
                }
            }

            if (count < MinRequiredNonAlphanumericCharacters)
            {
                throw new ArgumentException(SR.GetString(
                              SR.Password_need_more_non_alpha_numeric_chars,
                              "newPassword",
                              MinRequiredNonAlphanumericCharacters.ToString(CultureInfo.InvariantCulture)));
            }

            if (PasswordStrengthRegularExpression.Length > 0)
            {
                if (!Regex.IsMatch(newPassword, PasswordStrengthRegularExpression))
                {
                    throw new ArgumentException(SR.GetString(SR.Password_does_not_match_regular_expression,
                                                             "newPassword"));
                }
            }

            //            string pass = EncodePassword(newPassword, (int)passwordFormat, salt);
            string pass = newPassword;
            if (pass.Length > 128)
            {
                throw new ArgumentException(SR.GetString(SR.Membership_password_too_long), "newPassword");
            }

            ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
            OnValidatingPassword(e);

            if (e.Cancel)
            {
                if (e.FailureInformation != null)
                {
                    throw e.FailureInformation;
                }
                else
                {
                    throw new ArgumentException(SR.GetString(SR.Membership_Custom_Password_Validation_Failure), "newPassword");
                }
            }


            try
            {
                SecurityMster.Instance.ChangePassword(ApplicationName, username, Util.GetHash(oldPassword), Util.GetHash(pass));
                return true;
            }
            catch
            {
                throw;
            }
        }

        public override string GetPassword(string username, string passwordAnswer)
        {
            //if (!EnablePasswordRetrieval)
            {
                throw new NotSupportedException(SR.GetString(SR.Membership_PasswordRetrieval_not_supported));
            }
            /*
            SecUtility.CheckParameter(ref username, true, true, true, 256, "username");

            string encodedPasswordAnswer = GetEncodedPasswordAnswer(username, passwordAnswer);
            SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");

            string errText;
            int passwordFormat = 0;
            int status = 0;

            string pass = GetPasswordFromDB(username, encodedPasswordAnswer, RequiresQuestionAndAnswer, out passwordFormat, out status);

            if (pass == null)
            {
                errText = GetExceptionText(status);
                if (IsStatusDueToBadPassword(status))
                {
                    throw new MembershipPasswordException(errText);
                }
                else
                {
                    throw new ProviderException(errText);
                }
            }

            return UnEncodePassword(pass, passwordFormat);
             * */
        }

        /*
         * 
         * 
        private string GetNullableString(SqlDataReader reader, int col)
        {
            if( reader.IsDBNull( col ) == false )
            {
                return reader.GetString( col );
            }

            return null;
        }
        private string GetExceptionText(int status) {
            string key;
            switch (status)
            {
            case 0:
                return String.Empty;
            case 1:
                key = SR.Membership_UserNotFound;
                break;
            case 2:
                key = SR.Membership_WrongPassword;
                break;
            case 3:
                key = SR.Membership_WrongAnswer;
                break;
            case 4:
                key = SR.Membership_InvalidPassword;
                break;
            case 5:
                key = SR.Membership_InvalidQuestion;
                break;
            case 6:
                key = SR.Membership_InvalidAnswer;
                break;
            case 7:
                key = SR.Membership_InvalidEmail;
                break;
            case 99:
                key = SR.Membership_AccountLockOut;
                break;
            default:
                key = SR.Provider_Error;
                break;
            }
            return SR.GetString(key);
        }
        private bool IsStatusDueToBadPassword( int status )
        {
            return ( status >= 2 && status <= 6 || status == 99 );
        }
        private DateTime RoundToSeconds(DateTime dt)
        {
            return new DateTime(dt.Year, dt.Month, dt.Day, dt.Hour, dt.Minute, dt.Second);
        }

        private SqlParameter CreateInputParam( string paramName,
                                               SqlDbType dbType,
                                               object objValue )
        {

            SqlParameter param = new SqlParameter( paramName, dbType );

            if( objValue == null )
            {
                param.IsNullable = true;
                param.Value = DBNull.Value;
            }
            else
            {
                param.Value = objValue;
            }

            return param;
        }
        private string GetPasswordFromDB( string       username,
                                          string       passwordAnswer,
                                          bool         requiresQuestionAndAnswer,
                                          out int      passwordFormat,
                                          out int      status )
        {
            try {
                SqlConnectionHolder holder = null;
                SqlDataReader       reader = null;
                SqlParameter        p       = null;

                try {
                    holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand cmd = new SqlCommand( "dbo.aspnet_Membership_GetPassword", holder.Connection );

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add( CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
                    cmd.Parameters.Add( CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
                    cmd.Parameters.Add( CreateInputParam( "@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
                    cmd.Parameters.Add( CreateInputParam( "@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
                    cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

                    if ( requiresQuestionAndAnswer )
                    {
                        cmd.Parameters.Add( CreateInputParam( "@PasswordAnswer", SqlDbType.NVarChar, passwordAnswer ) );
                    }

                    p = new SqlParameter( "@ReturnValue", SqlDbType.Int );
                    p.Direction = ParameterDirection.ReturnValue;
                    cmd.Parameters.Add(p);

                    reader = cmd.ExecuteReader( CommandBehavior.SingleRow );

                    string password = null;

                    status = -1;

                    if ( reader.Read() )
                    {
                        password = reader.GetString( 0 );
                        passwordFormat = reader.GetInt32( 1 );
                    }
                    else
                    {
                        password = null;
                        passwordFormat = 0;
                    }

                    return password;
                }
                finally
                {
                    if( reader != null )
                    {
                        reader.Close();
                        reader = null;

                        status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
                    }

                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
            }
            catch
            {
                throw;
            }

        }

        private void GetPasswordWithFormat( string       username,
                                            bool         updateLastLoginActivityDate,
                                            out int      status,
                                            out string   password,
                                            out int      passwordFormat,
                                            out string   passwordSalt,
                                            out int      failedPasswordAttemptCount,
                                            out int      failedPasswordAnswerAttemptCount,
                                            out bool     isApproved,
                                            out DateTime lastLoginDate,
                                            out DateTime lastActivityDate)
        {
            try {
                SqlConnectionHolder holder = null;
                SqlDataReader       reader = null;
                SqlParameter        p      = null;

                try {
                    holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand    cmd     = new SqlCommand( "dbo.aspnet_Membership_GetPasswordWithFormat", holder.Connection );

                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
                    cmd.Parameters.Add(CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
                    cmd.Parameters.Add(CreateInputParam("@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate));
                    cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));

                    p = new SqlParameter( "@ReturnValue", SqlDbType.Int );
                    p.Direction = ParameterDirection.ReturnValue;
                    cmd.Parameters.Add(p);

                    reader = cmd.ExecuteReader( CommandBehavior.SingleRow );

                    status = -1;

                    if (reader.Read())
                    {
                        password = reader.GetString( 0 );
                        passwordFormat = reader.GetInt32( 1 );
                        passwordSalt = reader.GetString( 2 );
                        failedPasswordAttemptCount = reader.GetInt32( 3 );
                        failedPasswordAnswerAttemptCount = reader.GetInt32( 4 );
                        isApproved = reader.GetBoolean(5);
                        lastLoginDate = reader.GetDateTime(6);
                        lastActivityDate = reader.GetDateTime(7);
                    }
                    else
                    {
                        password = null;
                        passwordFormat = 0;
                        passwordSalt = null;
                        failedPasswordAttemptCount = 0;
                        failedPasswordAnswerAttemptCount = 0;
                        isApproved = false;
                        lastLoginDate = DateTime.UtcNow;
                        lastActivityDate = DateTime.UtcNow;
                    }
                }
                finally
                {
                    if( reader != null )
                    {
                        reader.Close();
                        reader = null;

                        status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
                    }

                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
            } catch
            {
                throw;
            }

        }
        private string GetEncodedPasswordAnswer(string username, string passwordAnswer)
        {
            if( passwordAnswer != null )
            {
                passwordAnswer = passwordAnswer.Trim();
            }
            if (string.IsNullOrEmpty(passwordAnswer))
                return passwordAnswer;
            int status, passwordFormat, failedPasswordAttemptCount, failedPasswordAnswerAttemptCount;
            string password, passwordSalt;
            bool isApproved;
            DateTime lastLoginDate, lastActivityDate;
            GetPasswordWithFormat(username, false, out status, out password, out passwordFormat, out passwordSalt,
                                  out failedPasswordAttemptCount, out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
            if (status == 0)
                return EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, passwordSalt);
            else
                throw new ProviderException(GetExceptionText(status));
        }

        internal string EncodePassword(string pass, int passwordFormat, string salt)
        {
            if (passwordFormat == 0) // MembershipPasswordFormat.Clear
                return pass;

            byte[] bIn = Encoding.Unicode.GetBytes(pass);
            byte[] bSalt = Convert.FromBase64String(salt);
            byte[] bAll = new byte[bSalt.Length + bIn.Length];
            byte[] bRet = null;

            Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
            Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
            if (passwordFormat == 1)
            { // MembershipPasswordFormat.Hashed
                HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType );
                bRet = s.ComputeHash(bAll);
            } else
            {
                bRet = EncryptPassword( bAll );
            }

            return Convert.ToBase64String(bRet);
        }


        internal string GenerateSalt()
        {
            byte[] buf = new byte[16];
            (new RNGCryptoServiceProvider()).GetBytes(buf);
            return Convert.ToBase64String(buf);
        }
        internal string UnEncodePassword(string pass, int passwordFormat)
        {
            switch (passwordFormat)
            {
                case 0: // MembershipPasswordFormat.Clear:
                    return pass;
                case 1: // MembershipPasswordFormat.Hashed:
                    throw new ProviderException(SR.GetString(SR.Provider_can_not_decode_hashed_password));
                default:
                    byte[] bIn = Convert.FromBase64String(pass);
                    byte[] bRet = DecryptPassword( bIn );
                    if (bRet == null)
                        return null;
                    return Encoding.Unicode.GetString(bRet, 16, bRet.Length - 16);
            }
        }
        private bool CheckPassword( string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved)
        {
            string              salt;
            int                 passwordFormat;
            return CheckPassword(username, password, updateLastLoginActivityDate, failIfNotApproved, out salt, out passwordFormat);
        }
         
        private bool CheckPassword( string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
        {
            SqlConnectionHolder holder = null;
            string              passwdFromDB;
            int                 status;
            int                 failedPasswordAttemptCount;
            int                 failedPasswordAnswerAttemptCount;
            bool                isPasswordCorrect;
            bool                isApproved;
            DateTime            lastLoginDate, lastActivityDate;

            GetPasswordWithFormat(username, updateLastLoginActivityDate, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
                                  out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
            if (status != 0)
                return false;
            if (!isApproved && failIfNotApproved)
                return false;

            string encodedPasswd = EncodePassword( password, passwordFormat, salt );

            isPasswordCorrect = passwdFromDB.Equals( encodedPasswd );

            if( isPasswordCorrect && failedPasswordAttemptCount == 0 && failedPasswordAnswerAttemptCount == 0 )
                return true;

            try
            {
                try
                {
                    holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
                    CheckSchemaVersion( holder.Connection );

                    SqlCommand cmd = new SqlCommand( "dbo.aspnet_Membership_UpdateUserInfo", holder.Connection );
                    DateTime   dtNow = DateTime.UtcNow;
                    cmd.CommandTimeout = CommandTimeout;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add( CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
                    cmd.Parameters.Add( CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
                    cmd.Parameters.Add( CreateInputParam( "@IsPasswordCorrect", SqlDbType.Bit, isPasswordCorrect ) );
                    cmd.Parameters.Add( CreateInputParam( "@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate ) );
                    cmd.Parameters.Add( CreateInputParam( "@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
                    cmd.Parameters.Add( CreateInputParam( "@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
                    cmd.Parameters.Add( CreateInputParam( "@CurrentTimeUtc", SqlDbType.DateTime, dtNow));
                    cmd.Parameters.Add( CreateInputParam( "@LastLoginDate", SqlDbType.DateTime, isPasswordCorrect ? dtNow : lastLoginDate));
                    cmd.Parameters.Add( CreateInputParam( "@LastActivityDate", SqlDbType.DateTime, isPasswordCorrect ? dtNow : lastActivityDate));
                    SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
                    p.Direction = ParameterDirection.ReturnValue;
                    cmd.Parameters.Add(p);

                    cmd.ExecuteNonQuery();

                    status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
                }
                finally
                {
                    if( holder != null )
                    {
                        holder.Close();
                        holder = null;
                    }
                }
            }
            catch
            {
                throw;
            }

            return isPasswordCorrect;
        }

         * 
         * 
         * 
         * */

    }
}
